Personal computers (PCs) serve a multitude of software applications, features and functions. Applications provide users with means to accomplish productivity tasks, such as, but not limited to, document processing, spreadsheet management, email exchanges, and Internet browsing. The features and functions are commonly referred to as the “personalized information” and may comprise favorite Internet websites, contacts, Internet cookies, digital signatures, background images, desktop icons, application control bars, choice of default values and other configurable settings. In general, the personalized information differs from one user to another.
Typically, software applications are installed and setup using an automated installation process. The installation process is designed to enable the integration of the new functionality into the operating system, as well as ensuring that the application can be removed. Installation and setup of software applications can be typically performed by user accounts having administrative rights.
Modern operating systems, such as Microsoft® XP® or Microsoft Vista® typically include a registry file for storing operating system user and application settings and options, dynamic link libraries (DLLs) which contains shared code, and named objects for naming functions shared by different processes. This structure of an operating system causes most of the challenges associated with application installation, most notable of which are:                1. Operating system stability and performance: Installations permanently modify the operating system (even after uninstalling) resulting in an incremental decline in operating system performance due to uninstalled leftovers (orphan files), inflated registry files, and so on.        2. Conflicts: Installations cause application conflicts due to various incompatibilities and resource sharing issues.        3. Rigidness: Applications are installed into the operating system in a way that prevents the applications from being “detached” and migrated between different computers; applications are executed exclusively within the environment in which they were initially installed.        4. Security: When applications and the operating system are fused together, internal cross contamination is almost inevitable.        5. Mobility: once an application is installed onto the operating system it can be used only on the computer in which it was installed.        
To secure a computing environment from performing harmful operations by applications or users, different permission levels are defined. Generally, there are two permission levels: guest and administrator. The guest permissions allow users only to run applications, but not to install applications or change applications' settings. The administrator permissions allow the user to install applications and hardware, make system-wide changes, access and read all non-private files, create and delete user accounts, define accounts' permissions, and so on.
One security approach that utilizes the permission system is known as “a locked-down computer”, which is a computer that is being operated by a user account or process that does not have full administrator permissions. Locking down a computer limits the changes that can be made to the base operating system and prevents the installation of unauthorized software to the computer as well as blocking access of unwanted applications. This approach has been proven to be secured and at the same time reduces the total cost of ownership (TCO) of computers in the organization.
However, the challenge with locking-down a computer is the limitations it imposes on the users. In conventional desktop computing environments, a locked-down computer severely limits users from utilizing the entire set of features a software application. Such features include, for example, customization, add-ons, applying updates and intercommunication with other applications, and so on. This results in limited functionality and ultimately impacts the productivity of users. In addition, locking down computers requires a system administrator to maintain a central management of the applications installed on the organization's computers.
It would be, therefore, advantageous to provide a solution for locking down computers without imposing the limitations discussed above.